INTRODUCTION

This report was prepared by the National Security Agency (NSA) Civil Liberties and 
Privacy Office as part of its responsibilities to enhance communications and transparency with 
the public and stakeholders. Its Director is the primary advisor to the Director of NSA when it 
comes to matters of civil liberties and privacy. Created in January 2014, the Office is also 
charged with ensuring that civil liberties and privacy protection are integrated into NSA 
activities. The intent of this paper is to help build a common understanding that can serve as a 
foundation for future discussions about the existing civil liberties and privacy protections. 

The mission of NSA is to make the nation safer by providing policy makers and military 
commanders with timely foreign intelligence and by protecting national security information 
networks. NSA collects foreign intelligence based on requirements from the President, his 
national security team, and their staffs through the National Intelligence Priorities Framework. 
NSA fulfills these national foreign intelligence requirements through the collection, processing, 
and analysis of communications or other data, passed or accessible by radio, wire or other 
electronic means. 

NSA's authority to conduct signals intelligence collection for foreign intelligence and 
counterintelligence purposes is provided primarily by Section 1.7(c)(1) of Executive Order 
12333, as amended. The execution of NSA's signals intelligence mission must be conducted in 
conformity with the Fourth Amendment. This includes NSA's acquisition of communications to 
which a U.S. person is a party under circumstances in which the U.S. person has a reasonable 
expectation of privacy. The Foreign Intelligence Surveillance Act of 1978 (FISA) further
regulates certain types of foreign intelligence collection, including that which occurs with 
compelled assistance from U.S. communications providers. 

This Report describes one way in which NSA meets these responsibilities while using 
Section 702 of FISA, as amended by the FISA Amendments Act of 2008. Although multiple
federal agencies participate in Section 702 collection, this paper describes the process by which 
NSA obtains, uses, shares, and retains communications of foreign intelligence value pursuant to 
Section 702. It also describes existing privacy and civil liberties protections built into the 
process. 



The NSA Civil Liberties and Privacy Office (CLPO) used the Fair Information Practice 
Principles (FIPP)¹ as an initial tool to describe the existing civil liberties and privacy protections
in place for collection done under Section 702 authority.²

SECTION 702 OF FISA

Section 702 of FISA was widely and publicly debated in Congress both during the initial
passage in 2008 and the subsequent re-authorization in 2012. It provides a statutory basis for
NSA, with the compelled assistance of electronic communication service providers, to target
non-U.S. persons reasonably believed to be located outside the U.S. in order to acquire foreign
intelligence information. Given that Section 702 only allows for the targeting of non-U.S.
persons outside the U.S., it differs from most other sections of FISA. It does not require an 
individual determination by the U.S. Foreign Intelligence Surveillance Court (FISC) that there is 
probable cause to believe the target is a foreign power or an agent of a foreign power. Instead, 
the FISC reviews annual topical certifications executed by the Attorney General (AG) and the 
Director of National Intelligence (DNI) to determine if these certifications meet the statutory 
requirements. The FISC also determines whether the statutorily required targeting and 
minimization procedures used in connection with the certifications are consistent with the statute 
and the Fourth Amendment. The targeting procedures are designed to ensure that Section 702 is
only used to target non-U.S. persons reasonably believed to be located outside the U.S.

The minimization procedures are designed to minimize the impact on the privacy of U.S.
persons by minimizing the acquisition, retention, and dissemination of non-publicly available
U.S. person information that was lawfully, but incidentally acquired under Section 702 by the
targeting of non-U.S. persons reasonably believed to be located outside the U.S. Under these
certifications the AG and the DNI issue directives to electronic communication service providers 
(service providers) that require these service providers to "immediately provide the Government 
with all information ... or assistance necessary to accomplish the acquisition [of foreign 
intelligence information] in a manner that will protect the secrecy of the acquisition. ..." The 
Government's acquisition of communications under its Section 702 authority thus takes place 
pursuant to judicial review and with the knowledge of the service providers. 

NSA cannot intentionally use Section 702 authority to target any U.S. citizen, any other 
U.S. person, or anyone known at the time of acquisition to be located within the U.S. The statute 
also prohibits the use of Section 702 to intentionally acquire any communication as to which the
sender and all intended recipients are known at the time of acquisition to be located inside the
U.S. Similarly, the statute prohibits the use of Section 702 to conduct "reverse targeting" (i.e.,
NSA may not intentionally target a person reasonably believed to be located outside of the U.S.
if the purpose of such acquisition is to target a person reasonably believed to be located inside
the U.S.). All acquisitions conducted pursuant to Section 702 must be conducted in a manner
consistent with the Fourth Amendment. NSA's FISC-approved targeting procedures permit
NSA to target a non-U.S. person reasonably believed to be located outside the U.S. if the
intended target possesses, is expected to receive, and/or is likely to communicate foreign
intelligence information concerning one of the certifications executed by the AG and DNI.
Although the purpose of Section 702 is to authorize targeting of non-U.S. persons outside the
U.S., the statute's requirement for minimization procedures recognizes that such targeted
individuals or entities may communicate about U.S. persons or with U.S. persons. For this
reason, NSA also must follow FISC-approved minimization procedures that govern the handling
of any such communications.

¹ The FIPPs are the recognized principles for assessing privacy impacts. They have been incorporated into
EO 13636, Improving Critical Infrastructure Cybersecurity and the National Strategy for Trusted Identities in
Cyberspace. These principles are rooted in the U.S. Department of Health, Education and Welfare's seminal 1973
report, "Records, Computers and the Rights of Citizens." The FIPPs have been implemented in the Privacy Act of
1974, with certain exemptions, including ones that apply to certain national security and law enforcement activities.

² NSA CLPO will continue to refine its assessment tools to best suit the mission of NSA, as a member of the
Intelligence Community, and to protect civil liberties and privacy.

NSA must report to the Office of the Director of National Intelligence (ODNI) and the
Department of Justice (DOJ) any and all instances where it has failed to comply with the
targeting and/or minimization procedures. In addition, ODNI and DOJ have access to
documentation concerning each of NSA's Section 702 targeting decisions and conduct regular
reviews in order to provide independent oversight of NSA's use of the authority. The FISC
Rules of Procedure require the Government to notify the Court of all incidents of non-compliance
with applicable law or with an authorization granted by the Court. The Government
reports Section 702 compliance incidents to the Court via individual notices and quarterly 
reports. In addition, the Government reports all Section 702 compliance incidents to Congress in 
the Attorney General's Semiannual Report. Depending on the type or severity of compliance 
incident, NSA may also promptly notify the Congressional Intelligence Committees, as well as 
the President's Intelligence Oversight Board of an individual compliance matter. 

Existing Privacy and Civil Liberties Protections: Each of the three branches of federal 
government oversees NSA's use of the Section 702 authorities. NSA provides transparency to 
its oversight bodies (Congress, DOJ, ODNI, DoD, the President's Intelligence Oversight Board
and the FISC) through regular briefings, court filings, and incident reporting. In addition, DOJ
and ODNI conduct periodic reviews of NSA's use of the authority and report on those reviews.
More recently, at the direction of the President, the Government has provided additional 
transparency to the public regarding the program by declassifying FISC opinions and related 
documents. Although FISA surveillance is normally kept secret from the targets of the 
surveillance, there are exceptions. For example, if the Government intends to use the results of 
FISA surveillance, to include Section 702 surveillance, in a trial or other proceeding against a 
person whose communications were collected, the Government must notify the person so the 
person can challenge whether the communications were acquired lawfully. These protections 
implement the general Fair Information Practice Principle (FIPP) of transparency. 
HOW NSA IMPLEMENTS SECTION 702 OF FISA



TRAINING 

Before an analyst gains access to any NSA signals intelligence data, the analyst must 
complete specialized training on the legal and policy guidelines that govern the handling and use 
of the data. Additional training is required for access to Section 702 data. These annual 
mandatory training requirements include scenario-based training, required reading, and a final 
competency test. The analyst must pass this test before being granted access. Furthermore, if a 
compliance incident involves a mistake or misunderstanding of relevant policies, the analyst is 
re-trained in order to continue to have access to the data acquired pursuant to Section 702. 

IDENTIFYING AND TASKING A SELECTOR 

Next in the Section 702 process is for an NSA analyst to identify a non-U.S. person
located outside the U.S. who has and/or is likely to communicate foreign intelligence
information as designated in a certification. For example, such a person might be an individual
who belongs to a foreign terrorist organization or facilitates the activities of that organization's
members. Non-U.S. persons are not targeted unless NSA has reason to believe that they have
and/or are likely to communicate foreign intelligence information as designated in a certification; 
U.S. persons are never targeted. 

Once the NSA analyst has identified a person of foreign intelligence interest who is an 
appropriate target under one of the FISC-approved Section 702 certifications, that person is 
considered the target. The NSA analyst attempts to determine how, when, with whom, and 
where the target communicates. Then the analyst identifies specific communications modes used 
by the target and obtains a unique identifier associated with the target - for example, a telephone 
number or an email address. This unique identifier is referred to as a selector. The selector is 
not a "keyword" or particular term (e.g., "nuclear" or "bomb"), but must be a specific 
communications identifier (e.g., e-mail address). 

Next the NSA analyst must verify that there is a connection between the target and the 
selector and that the target is reasonably believed to be (a) a non-U.S. person and (b) located
outside the U.S. This is not a 51% to 49% "foreignness" test. Rather the NSA analyst will check
multiple sources and make a decision based on the totality of the information available. If the
analyst discovers any information indicating the targeted person may be located in the U.S. or
that the target may be a U.S. person, such information must be considered. In other words, if
there is conflicting information about the location of the person or the status of the person as a
non-U.S. person, that conflict must be resolved before targeting can occur.

For each selector, the NSA analyst must document the following information: (1) the
foreign intelligence information expected to be acquired, as authorized by a certification, (2) the
information that would lead a reasonable person to conclude the selector is associated with a
non-U.S. person, and (3) the information that would similarly lead a reasonable person to
conclude that this non-U.S. person is located outside the U.S. This documentation must be
reviewed and approved or denied by two senior NSA analysts who have satisfied additional 
training requirements. The senior NSA analysts may ask for more documentation or 
clarification, but regardless must verify that all requirements have been met in full. NSA tracks 
the submission, review, and approval process through the documentation and the senior NSA 
analysts' determinations are retained for further review by NSA's compliance elements, as well 
as external oversight reviewers from DOJ and ODNI. Upon approval, the selector may be used 
as the basis for compelling a service provider to forward communications associated with the 
given selector. This is generally referred to as "tasking" the selector. 

Existing Privacy and Civil Liberties Protections: NSA trains its analysts extensively through a 
variety of means to ensure that analysts fully understand their responsibilities and the specific 
scope of this authority. If the analyst fails to meet the training standards, the analyst will not 
have the ability to use the Section 702 authority for collection purposes. If the analyst fails to 
maintain ongoing training standards, the analyst will lose the ability to use the Section 702 
authority for collection purposes and all ability to retrieve any data previously collected under 
the authority. NSA requires any authorized and trained analyst seeking to task a selector using 
Section 702 to document the three requirements for use of the authority - that the target is 
connected sufficiently to the selector for an approved foreign intelligence purpose, that the target 
is a non-U.S. person, and that the target is reasonably believed to be located outside the U.S.
This documentation must be reviewed, validated, and approved by the senior analysts who have 
received additional training. These protections implement the general FIPPs of purpose 
specification, accountability and auditing, and minimization. 

ACCESSING AND ASSESSING COMMUNICATIONS OBTAINED UNDER SECTION 
702 AUTHORITY 

Once senior analysts have approved a selector as compliant, the service providers are 
legally compelled to assist the government by providing the relevant communications. Therefore, 
tasking under this authority takes place with the knowledge of the service providers. NSA 
receives information concerning a tasked selector through two different methods. 

In the first, the Government provides selectors to service providers through the FBI. The 
service providers are compelled to provide NSA with communications to or from these selectors. 
This has been generally referred to as the PRISM program. 

In the second, service providers are compelled to assist NSA in the lawful interception of 
electronic communications to, from, or about tasked selectors. This type of compelled service 
provider assistance has generally been referred to as Upstream collection. NSA's FISC-approved
targeting procedures include additional requirements for such collection designed to
prevent acquisitions of wholly domestic communications. For example, in certain circumstances
NSA's procedures require that it employ an Internet Protocol filter to ensure that the target is
located overseas. The process for approving the selectors for tasking is the same for both
PRISM and Upstream collection. 

Once NSA has received communications of the tasked selector, NSA must follow 
additional FISC-approved procedures known as the minimization procedures. These procedures 
require NSA analysts to review at least a sample of communications acquired from all selectors 
tasked under Section 702, which occurs on a regular basis to verify that the reasonable belief 
determination used for tasking remains valid. 

The NSA analyst must review a sample of communications received from the selectors to 
ensure that they are in fact associated with the foreign intelligence target and that the targeted 
individual or entity is not a U.S. person and is not currently located in the U.S. If the NSA 
analyst discovers that NSA is receiving communications that are not in fact associated with the 
intended target or that the user of a tasked selector is determined to be a U.S. person or is located 
in the U.S., the selector must be promptly "detasked." As a general rule, in the event that the 
target is a U.S. person or in the U.S., all other selectors associated with the target also must be 
detasked. 

Existing Privacy and Civil Liberties Protections: In addition to extensive training, the analyst is 
required to review the collection to determine that it is associated with the targeted selector and 
is providing the expected foreign intelligence shortly after the tasking starts and at least annually 
thereafter. This review allows NSA to identify possible problems with the collection and 
provides an additional layer of accountability. In addition, NSA has technical measures that alert 
the NSA analysts if it appears a selector is being used from the U.S. These protections implement 
the general FIPPs of purpose specification, minimization, accountability and auditing, data 
quality, and security. 

NSA PROCESSING AND ANALYSIS OF COMMUNICATIONS OBTAINED UNDER 
SECTION 702 AUTHORITY 

Communications provided to NSA under Section 702 are processed and retained in 
multiple NSA systems and data repositories. One data repository, for example, might hold the 
contents of communications such as the texts of emails and recordings of conversations, while 
another may only include metadata, i.e., basic information about the communication, such as the
time and duration of a telephone call, or sending and receiving email addresses. 

NSA analysts may access communications obtained under Section 702 authority for the 
purpose of identifying and reporting foreign intelligence. They access the information via 
"queries," which may be date-bound, and may include alphanumeric strings such as telephone 
numbers, email addresses, or terms that can be used individually or in combination with one 
another. FISC-approved minimization procedures govern any queries done on Section 702-derived
information. NSA analysts with access to Section 702-derived information are trained in
the proper construction of a query so that the query is reasonably likely to return valid foreign
intelligence and minimizes the likelihood of returning non-pertinent U.S. person information.
Access by NSA analysts to each repository is controlled, monitored, and audited. There are, for 
example, automated checks to determine if an analyst has completed all required training prior to 
returning information responsive to a query. Further, periodic spot checks on queries by NSA 
analysts are conducted. 

Since October 2011 and consistent with other agencies' Section 702 minimization
procedures, NSA's Section 702 minimization procedures have permitted NSA personnel to use 
U.S. person identifiers to query Section 702 collection when such a query is reasonably likely to 
return foreign intelligence information. NSA distinguishes between queries of communications 
content and communications metadata. NSA analysts must provide justification and receive 
additional approval before a content query using a U.S. person identifier can occur. To date, 
NSA analysts have queried Section 702 content with U.S. person identifiers less frequently than 
Section 702 metadata. For example, NSA may seek to query a U.S. person identifier when there 
is an imminent threat to life, such as a hostage situation. NSA is required to maintain records of 
U.S. person queries and the records are available for review by both DOJ and ODNI as part of
the external oversight process for this authority. Additionally, NSA's procedures prohibit NSA 
from querying Upstream data with U.S. person identifiers. 

Existing Privacy and Civil Liberties Protections: In addition to the training and access controls, 
NSA maintains audit trails for all queries of the Section 702 data. NSA's Signals Intelligence 
Directorate's compliance staff routinely reviews a portion of all queries that include U.S. person 
identifiers to ensure that all such queries are only conducted when appropriate. Personnel from 
DOJ and ODNI provide an additional layer of oversight to ensure that NSA is querying the data 
appropriately. These protections implement the general FIPPs of security, accountability and 
auditing, and data quality. 

NSA DISSEMINATION OF INTELLIGENCE DERIVED FROM COMMUNICATIONS 
OBTAINED UNDER SECTION 702 AUTHORITY 

NSA only generates signals intelligence reports when the information meets a specific 
intelligence requirement, regardless of whether the proposed report contains U.S. person 
information. Dissemination of information about U.S. persons in any NSA foreign intelligence 
report is expressly prohibited unless that information is necessary to understand foreign 
intelligence information or assess its importance, contains evidence of a crime, or indicates a 
threat of death or serious bodily injury. Even if one or more of these conditions apply, NSA may 
include no more than the minimum amount of U.S. person information necessary to understand 
the foreign intelligence or to describe the crime or threat. For example, NSA typically "masks" 
the true identities of U.S. persons through use of such phrases as "a U.S. person" and the 
suppression of details that could lead to him or her being successfully identified by the context. 
Recipients of NSA reporting can request that NSA provide the true identity of a masked U.S. 
person referenced in an intelligence report if the recipient has a legitimate need to know the 
identity. Under NSA policy, NSA is allowed to unmask the identity only under certain
conditions and where specific additional controls are in place to preclude its further
dissemination, and additional approval has been provided by one of seven designated positions at
NSA. Additionally, together DOJ and ODNI review the vast majority of disseminations of
information about U.S. persons obtained pursuant to Section 702 as part of their oversight 
process. 

Existing Privacy and Civil Liberties Protections: As noted above, NSA only generates signals 
intelligence reports when the information meets a specific intelligence requirement, regardless of 
whether the proposed report contains U.S. person information or not. Additionally, NSA's 
Section 702 minimization procedures require any U.S. person information to be minimized prior 
to dissemination, thereby reducing the impact on privacy for U.S. persons. The information may 
only be unmasked in specific instances consistent with the minimization procedures and NSA 
policy. These protections implement the general FIPPs of minimization and purpose 
specification. 



RETENTION OF UNEVALUATED COMMUNICATIONS OBTAINED UNDER 
SECTION 702 AUTHORITY 

The maximum time that specific communications' content or metadata may be retained 
by NSA is established in the FISC-approved minimization procedures. The unevaluated content 
and metadata for PRISM or telephony data collected under Section 702 is retained for no more 
than five years. Upstream data collected from Internet activity is retained for no more than two 
years. NSA complies with these retention limits through an automated process. 

NSA's procedures also specify several instances in which NSA must destroy U.S. person 
collection promptly upon recognition. In general, these include any instance where NSA 
analysts recognize that such collection is clearly not relevant to the authorized purpose of the 
acquisition nor includes evidence of a crime. Additionally, absent limited exceptions, NSA must 
destroy any communications acquired when any user of a tasked account is found to have been 
located in the U.S. at the time of acquisition. 

Existing Privacy and Civil Liberties Protections: NSA has policies, technical controls, and staff 
in place to ensure the data is retained in accordance with the FISC-approved procedures. The 
automated process to delete the collection at the end of the retention period applies to both U.S. 
person and non-U.S. person information. There is an additional manual process for
destroying information related to U.S. persons where NSA analysts have recognized the
collection is clearly not relevant to the authorized purpose of the acquisition nor includes 
evidence of a crime. These protections implement the general FIPPs of minimization and 
security. 



ORGANIZATIONAL MANAGEMENT, COMPLIANCE, AND OVERSIGHT 



NSA is subject to rigorous internal compliance and external oversight. Like many other 
regulated entities, NSA has an enterprise-wide compliance program, led by NSA's Director of
Compliance, a position required by statute. NSA's compliance program is designed to provide 
precision in NSA's activities to ensure that they are consistently conducted in accordance with 
law and procedure, including in this case the Section 702 certifications and accompanying 
Section 702 targeting and minimization procedures and additional FISC requirements. As part of 
the enterprise-wide compliance structure, NSA has compliance elements throughout its various 
organizations. NSA also seeks to detect incidents of non-compliance at the earliest point 
possible. When issues of non-compliance arise regarding the way in which NSA carries out the 
FISC-approved collection, NSA takes corrective action and, in parallel, NSA must report 
incidents of non-compliance to ODNI and DOJ for further reporting to the FISC and Congress, 
as appropriate or required. 

These organizations, along with the NSA General Counsel, the NSA Inspector General, 
and most recently the Director of Civil Liberties and Privacy have critical roles in ensuring all 
NSA operations proceed in accordance with the laws, policies, and procedures governing 
intelligence activities. Additionally, each individual NSA analyst has a responsibility for 
ensuring that his or her personal activities are similarly compliant. Specifically, this
responsibility includes recognizing and reporting all situations in which he or she may have 
exceeded his or her authority to obtain, analyze, or report intelligence information under Section 
702 authority. 

Compliance: NSA reports all incidents in which, for example, it has or may have 
inappropriately queried the Section 702 data, or in which an analyst may have made 
typographical errors or dissemination errors. NSA personnel are obligated to report when they 
believe NSA is not, or may not be, acting consistently with law, policy, or procedure. If NSA is 
not acting in accordance with law, policy, or procedure, NSA will report through its internal and 
external intelligence oversight channels, conduct reviews to understand the root cause, and make 
appropriate adjustments to its procedures. 

If NSA discovers that it has tasked a selector that is used by a person in the U.S. or by a 
U.S. person, then NSA must cease collection immediately and, in most cases must also delete the 
relevant collected data and cancel or revise any disseminated reporting based on this data. NSA 
encourages self-reporting by its personnel and seeks to remedy any errors with additional 
training or other measures as necessary. Following an incident, a range of remedies may occur: 
admonishment, written explanation of the offense, request to acknowledge a training point that 
the analyst might have missed during training, and/or required retesting. In addition to reporting 
described above, any intentional violation of law would be referred to the NSA Office of 
Inspector General. To date there have been no such instances, as most recently confirmed by the 
President's Review Group on Intelligence and Communications Technology. 



External Oversight: As required by the Section 702 targeting procedures, both DOJ and 
ODNI conduct routine oversight reviews. Representatives from both agencies visit NSA on a
bi-monthly basis. They examine all tasking datasheets that NSA provides to DOJ and ODNI to
determine whether the tasking sheets meet the documentation standards required by NSA's 
targeting procedures and provide sufficient information for the reviewers to ascertain the basis 
for NSA's foreignness determinations. For those records that satisfy the standards, no additional 
documentation is requested. For those records that warrant further review, NSA provides 
additional information to DOJ and ODNI during or following the onsite review. NSA receives 
feedback from the DOJ and ODNI team and incorporates this information into formal and 
informal training to analysts. DOJ and ODNI also review the vast majority of disseminated 
reporting that includes U.S. person information. 

Existing Privacy and Civil Liberties Protections: The compliance and oversight processes 
allow NSA to identify any concerns or problems early in the process so as to minimize the 
impact on privacy and civil liberties. These protections implement the general FIPPs of
transparency to oversight organizations and accountability and auditing. 

CONCLUSION 

This Report, prepared by NSA's Office of Civil Liberties and Privacy, provides a comprehensive 
description of NSA's Section 702 activities. The report also documents current privacy and civil 
liberties protections. 